diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 9f6643b578d..71196469511 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -40,6 +40,7 @@ #else #include #include +#include #include #include #endif @@ -612,10 +613,10 @@ static void help(u_int long_help) { NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_info_mod, &all); - ndpi_dump_protocols(ndpi_info_mod); + ndpi_dump_protocols(ndpi_info_mod, stdout); printf("\n\nnDPI supported risks:\n"); - ndpi_dump_risks_score(); + ndpi_dump_risks_score(stdout); ndpi_exit_detection_module(ndpi_info_mod); } @@ -977,7 +978,7 @@ static void parseOptions(int argc, char **argv) { switch (opt) { case 'a': - ndpi_generate_options(atoi(optarg)); + ndpi_generate_options(atoi(optarg), stdout); exit(0); case 'A': diff --git a/example/reader_util.c b/example/reader_util.c index fff77f139f6..7f84084669d 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -40,6 +40,7 @@ #else #include #include +#include #endif #include "reader_util.h" diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index eddad549c23..ce710ddf7c7 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -728,21 +728,22 @@ extern "C" { * * @par ndpi_mod = the detection module */ - void ndpi_dump_protocols(struct ndpi_detection_module_struct *mod); + void ndpi_dump_protocols(struct ndpi_detection_module_struct *mod, FILE *dump_out); /** * Generate Options list used in OPNsense firewall plugin * * @par opt = The Option list to generate + * @par dump_out = Output stream for generated options */ - void ndpi_generate_options(u_int opt); + void ndpi_generate_options(u_int opt, FILE *dump_out); /** * Write the list of the scores and their associated risks * - * @par ndpi_mod = the detection module + * @par dump_out = Output stream for dumped risk scores */ - void ndpi_dump_risks_score(void); + void ndpi_dump_risks_score(FILE *dump_out); /** * Read a file and load the protocols 
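Review bot: The doc comment above `ndpi_dump_protocols` in src/include/ndpi_api.h still lists only `ndpi_mod`, while the other two prototypes in this hunk gained an `@par dump_out` line; add `@par dump_out = Output stream for the protocol list (nothing is written when NULL)`. The parameter is called `dump_out` in all three prototypes here but `options_out` and `risk_out` in the definitions in src/lib/ndpi_main.c, so one name should be used throughout. These are exported prototypes whose signatures change, so existing callers will stop compiling. Whether NDPI_API_VERSION is bumped is not visible in this diff and should be confirmed.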
diff --git a/src/include/ndpi_includes.h b/src/include/ndpi_includes.h index 27580a45e40..ae62309235d 100644 --- a/src/include/ndpi_includes.h +++ b/src/include/ndpi_includes.h @@ -41,11 +41,14 @@ #include #include #include +#include #include #include +#ifndef __APPLE__ #include #include #include +#endif #if !defined __APPLE__ && !defined __FreeBSD__ && !defined __NetBSD__ && !defined __OpenBSD__ #include diff --git a/src/include/ndpi_patricia_typedefs.h b/src/include/ndpi_patricia_typedefs.h index f062677bd12..41f15e79016 100644 --- a/src/include/ndpi_patricia_typedefs.h +++ b/src/include/ndpi_patricia_typedefs.h @@ -64,6 +64,10 @@ #ifndef _NDPI_PATRICIA_TYPEDEF_H_ #define _NDPI_PATRICIA_TYPEDEF_H_ +#ifndef NDPI_CFFI_PREPROCESSING +#include "ndpi_includes.h" +#endif + #define UV16_MAX_USER_VALUES 2 struct patricia_uv16 { diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 4d4d22161cd..690c9daf907 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,6 +25,9 @@ E * ndpi_typedefs.h #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" +#ifndef NDPI_CFFI_PREPROCESSING +#include "ndpi_includes.h" +#endif #include "ndpi_protocol_ids.h" #include "ndpi_utils.h" @@ -47,6 +50,12 @@ typedef unsigned int u_int; #endif #endif +#ifdef __APPLE__ +typedef unsigned char u_char; +typedef unsigned short u_short; +typedef unsigned int u_int; +#endif + /* NDPI_LOG_LEVEL */ typedef enum { NDPI_LOG_ERROR, diff --git a/src/include/ndpi_utils.h b/src/include/ndpi_utils.h index 492b46a478e..288cd7a9403 100644 --- a/src/include/ndpi_utils.h +++ b/src/include/ndpi_utils.h 
@@ -25,9 +25,14 @@ #define __NDPI_UTILS_H__ #include "ndpi_define.h" +#ifndef NDPI_CFFI_PREPROCESSING +#include "ndpi_includes.h" +#endif #ifndef NDPI_CFFI_PREPROCESSING -extern u_int8_t ndpi_ends_with(char *str, char *ends); +struct ndpi_detection_module_struct; +extern u_int8_t ndpi_ends_with(struct ndpi_detection_module_struct *ndpi_struct, + char *str, char *ends); #endif // NDPI_CFFI_PREPROCESSING /* **************************************** */ diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index c4e5880b6c3..4cfb6283e94 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -17,12 +17,12 @@ includedir = @includedir@/ndpi ifneq ($(OS),Windows_NT) CFLAGS += -fPIC -DPIC endif -CFLAGS += -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION @NDPI_CFLAGS@ @GPROF_CFLAGS@ @CUSTOM_NDPI@ @ADDITIONAL_INCS@ +CFLAGS += -I. -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION @NDPI_CFLAGS@ @GPROF_CFLAGS@ @CUSTOM_NDPI@ @ADDITIONAL_INCS@ LDFLAGS += @NDPI_LDFLAGS@ LIBS = @ADDITIONAL_LIBS@ @LIBS@ @GPROF_LIBS@ OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) $(patsubst third_party/src/hll/%.c, third_party/src/hll/%.o, $(wildcard third_party/src/hll/*.c)) $(patsubst ./%.c, ./%.o, $(wildcard ./*.c)) -HEADERS = $(wildcard ../include/*.h) +HEADERS = $(wildcard ../include/*.h) $(wildcard ../include/*.h) NDPI_VERSION_MAJOR = @NDPI_MAJOR@ NDPI_LIB_STATIC = libndpi.a NDPI_LIB_SHARED_BASE = libndpi.so diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c index e9aa99a31f0..f6d8281078e 100644 --- a/src/lib/ndpi_analyze.c +++ b/src/lib/ndpi_analyze.c @@ -32,6 +32,8 @@ #include "ndpi_config.h" #include "third_party/include/hll.h" +#include "ndpi_replace_printf.h" + /* ********************************************************************************* */ void ndpi_init_data_analysis(struct ndpi_analyze_struct *ret, u_int16_t _max_series_len) { 
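Review bot: In src/lib/Makefile.in the new `HEADERS` value lists `$(wildcard ../include/*.h)` twice, so it adds nothing over the old line. If the intent was to track the new src/lib/ndpi_replace_printf.h, as the `-I.` added in the same hunk suggests, the second term should probably be local: `HEADERS = $(wildcard ../include/*.h) $(wildcard *.h)`. How `HEADERS` is consumed is outside the hunk, so check that no install rule would then ship the private header.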
@@ -726,6 +728,7 @@ int ndpi_cluster_bins(struct ndpi_bin *bins, u_int16_t num_bins, float *bin_score; u_int16_t num_cluster_elems[MAX_NUM_CLUSTERS] = { 0 }; + (void)out_buf; srand(time(NULL)); if(!bins || num_bins == 0 || !cluster_ids || num_clusters == 0) diff --git a/src/lib/ndpi_binary_bitmap.c b/src/lib/ndpi_binary_bitmap.c index 184bb99dfec..b1fd0ba5420 100644 --- a/src/lib/ndpi_binary_bitmap.c +++ b/src/lib/ndpi_binary_bitmap.c @@ -71,8 +71,10 @@ bool ndpi_binary_bitmap_set(ndpi_binary_bitmap *b, u_int64_t value, u_int8_t cat b->entries = rc, b->num_allocated_entries = new_len; } +#ifdef PRINT_DUPLICATED_HASHS if(value == 0) printf("[add] ZERO hash !!!\n"); +#endif b->entries[b->num_used_entries].value = value, b->entries[b->num_used_entries].category = category; diff --git a/src/lib/ndpi_classify.c b/src/lib/ndpi_classify.c index 114982de45a..a7937ed08b0 100644 --- a/src/lib/ndpi_classify.c +++ b/src/lib/ndpi_classify.c @@ -51,6 +51,8 @@ #include "ndpi_classify.h" #include "ndpi_includes.h" +#include "ndpi_replace_printf.h" + /** finds the minimum value between to inputs */ #ifndef min #define min(a,b) \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7a50731d6b8..15f6a6f9939 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -26,6 +26,10 @@ #include #include +#ifdef __APPLE__ +#include +#endif + #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNKNOWN #include "ndpi_config.h" @@ -36,7 +40,7 @@ #ifdef USE_HOST_LIBGCRYPT #include #else -#include +#include "gcrypt_light.h" #endif #include @@ -122,11 +126,8 @@ #include "nbpf.h" #endif -/* #define DGA_DEBUG 1 */ /* #define MATCH_DEBUG 1 */ -u_int ndpi_verbose_dga_detection = 0; - /* ****************************************** */ static void *(*_ndpi_flow_malloc)(size_t size); 
@@ -2169,7 +2170,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp /* ****************************************************** */ +#ifdef NDPI_ENABLE_DEBUG_MESSAGES #define MATCH_DEBUG_INFO(fmt, ...) if(txt->option & AC_FEATURE_DEBUG) printf(fmt, ##__VA_ARGS__) +#else +#define MATCH_DEBUG_INFO(fmt, ...) +#endif /* No static because it is used by fuzzer, too */ int ac_domain_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) { @@ -2659,7 +2664,7 @@ void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct * ndpi_vsnprintf(str, sizeof(str) - 1, format, args); va_end(args); - if(ndpi_str != NULL) { + if(ndpi_str != NULL || (file_name != NULL && func_name != NULL)) { printf("%s:%s:%-3d - [%u]: %s", file_name, func_name, line_number, proto, str); } else { printf("Proto: %u, %s", proto, str); @@ -8734,13 +8739,13 @@ int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_str, char *ca /* ****************************************************** */ -void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_str) { +void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_str, FILE *dump_out) { int i; - if(!ndpi_str) return; + if(!ndpi_str || !dump_out) return; for(i = 0; i < (int) ndpi_str->ndpi_num_supported_protocols; i++) - printf("%3d %-22s %-10s %-8s %-12s %s\n", + fprintf(dump_out, "%3d %-22s %-10s %-8s %-12s %s\n", i, ndpi_str->proto_defaults[i].protoName, ndpi_get_l4_proto_name(ndpi_get_l4_proto_info(ndpi_str, i)), ndpi_str->proto_defaults[i].isAppProtocol ? "" : "X", 
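Review bot: In `ndpi_debug_printf` the widened condition `ndpi_str != NULL || (file_name != NULL && func_name != NULL)` still reaches the first `printf` with a NULL `file_name` or `func_name` whenever `ndpi_str` is set, and passing NULL for `%s` is undefined behaviour. That branch only needs the two strings, so test them alone: `if(file_name != NULL && func_name != NULL) {`. The function body starts outside the hunk, so any earlier filtering on `ndpi_str` is not visible here.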
@@ -8752,11 +8757,12 @@ void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_str) { /* Helper function used to generate Options fields in OPNsense */ -void ndpi_generate_options(u_int opt) { +void ndpi_generate_options(u_int opt, FILE *options_out) { struct ndpi_detection_module_struct *ndpi_str; NDPI_PROTOCOL_BITMASK all; u_int i; + if (!options_out) return; ndpi_str = ndpi_init_detection_module(ndpi_no_prefs); NDPI_BITMASK_SET_ALL(all); @@ -8766,8 +8772,8 @@ void ndpi_generate_options(u_int opt) { case 0: /* List known protocols */ { for(i = 1 /* Skip unknown */; i < ndpi_str->ndpi_num_supported_protocols; i++) { - printf(" %s\n", - i, i, ndpi_str->proto_defaults[i].protoName, i); + fprintf(options_out, " %s\n", + i, i, ndpi_str->proto_defaults[i].protoName, i); } } break; @@ -8778,8 +8784,8 @@ void ndpi_generate_options(u_int opt) { const char *name = ndpi_category_get_name(ndpi_str, i); if((name != NULL) && (name[0] != '\0')) { - printf(" %s\n", - i, i, name, i); + fprintf(options_out, " %s\n", + i, i, name, i); } } } @@ -8788,26 +8794,26 @@ void ndpi_generate_options(u_int opt) { case 2: /* List known risks */ { for(i = 1 /* Skip no risk */; i < NDPI_MAX_RISK; i++) { - ndpi_risk_enum r = (ndpi_risk_enum)i; + ndpi_risk_enum r = (ndpi_risk_enum)i; - printf(" %s\n", - i, i, ndpi_risk2str(r), i); + fprintf(options_out, " %s\n", + i, i, ndpi_risk2str(r), i); } } break; default: - printf("WARNING: option -a out of range\n"); + fprintf(options_out, "%s\n", "WARNING: option -a out of range"); break; } } /* ****************************************************** */ -void ndpi_dump_risks_score() { +void ndpi_dump_risks_score(FILE *risk_out) { u_int i; - printf("%3s %-48s %-8s %s %-8s %-8s\n", + fprintf(risk_out, "%3s %-48s %-8s %s %-8s %-8s\n", "Id", "Risk", "Severity", "Score", "CliScore", "SrvScore"); for(i = 1; i < NDPI_MAX_RISK; i++) { 
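Review bot: `ndpi_dump_risks_score` passes `risk_out` straight to `fprintf` with no NULL check, while `ndpi_dump_protocols` and `ndpi_generate_options` both return early on a NULL stream in this same commit; add `if(!risk_out) return;` before the header row is written. In `ndpi_generate_options` the `default:` case now writes `WARNING: option -a out of range` into `options_out`, which mixes a diagnostic into the generated option list; reporting it separately from the data stream would keep the output parseable. The body of `ndpi_dump_risks_score` continues past the end of the hunk.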
@@ -9645,7 +9651,8 @@ static int enough(int a, int b) { /* ******************************************************************** */ -u_int8_t ndpi_ends_with(char *str, char *ends) { +u_int8_t ndpi_ends_with(struct ndpi_detection_module_struct *ndpi_struct, + char *str, char *ends) { u_int str_len = str ? strlen(str) : 0; u_int8_t ends_len = strlen(ends); u_int8_t rc; @@ -9655,9 +9662,7 @@ u_int8_t ndpi_ends_with(char *str, char *ends) { rc = (strncmp(&str[str_len-ends_len], ends, ends_len) != 0) ? 0 : 1; -#ifdef DGA_DEBUG - printf("[DGA] %s / %s [rc: %u]\n", str, ends, rc); -#endif + NDPI_LOG_DBG2(ndpi_struct, "[DGA] %s / %s [rc: %u]\n", str, ends, rc); return(rc); } @@ -9714,12 +9719,12 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, if((!name) || (strchr(name, '_') != NULL) || (strchr(name, '-') != NULL) - || (ndpi_ends_with(name, "in-addr.arpa")) - || (ndpi_ends_with(name, "ip6.arpa")) + || (ndpi_ends_with(ndpi_str, name, "in-addr.arpa")) + || (ndpi_ends_with(ndpi_str, name, "ip6.arpa")) /* Ignore TLD .local .lan and .home */ - || (ndpi_ends_with(name, ".local")) - || (ndpi_ends_with(name, ".lan")) - || (ndpi_ends_with(name, ".home")) + || (ndpi_ends_with(ndpi_str, name, ".local")) + || (ndpi_ends_with(ndpi_str, name, ".lan")) + || (ndpi_ends_with(ndpi_str, name, ".home")) ) return(0); @@ -9741,8 +9746,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, if(strncmp(name, "www.", 4) == 0) name = &name[4]; - if(ndpi_verbose_dga_detection) - printf("[DGA check] %s\n", name); + NDPI_LOG_DBG2(ndpi_str, "[DGA] check %s\n", name); len = strlen(name); @@ -9756,8 +9760,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, len = ndpi_snprintf(tmp, max_tmp_len, "%s", name); if(len < 0) { - if(ndpi_verbose_dga_detection) - printf("[DGA] Too short"); + NDPI_LOG_DBG2(ndpi_str, "[DGA] too short"); return(0); } else 
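Review bot: `ndpi_ends_with` and `ndpi_check_dga_name` now hand `str` and `name` to `NDPI_LOG_DBG2` with `%s`, and those strings presumably come from inspected traffic (src/lib/protocols/http.c passes `flow->host_server_name` to `ndpi_ends_with`). Whatever callback an application installs with `set_ndpi_debug_function` therefore receives bytes it should treat as untrusted. A comment at the first call would make that explicit: `/* name comes from the wire: log sinks must escape control characters */`. Separately, `"[DGA] too short"` here and `"[DGA] Found!"` in the next hunk lack the trailing `\n` the other messages carry, and the former is emitted for `len < 0`, which is a formatting failure rather than a short name.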
@@ -9826,14 +9829,13 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, } if(num_dots == 0) /* Doesn't look like a domain name */ - return(0); + return(0); if(curr_domain_element_len > max_domain_element_len) - max_domain_element_len = curr_domain_element_len; + max_domain_element_len = curr_domain_element_len; - if(ndpi_verbose_dga_detection) - printf("[DGA] [max_num_char_repetitions: %u][max_domain_element_len: %u]\n", - max_num_char_repetitions, max_domain_element_len); + NDPI_LOG_DBG2(ndpi_str, "[DGA] [max_num_char_repetitions: %u][max_domain_element_len: %u]\n", + max_num_char_repetitions, max_domain_element_len); if( (is_hostname @@ -9855,8 +9857,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_DGA_DOMAIN, name); } - if(ndpi_verbose_dga_detection) - printf("[DGA] Found!"); + NDPI_LOG_DBG2(ndpi_str, "[DGA] Found!"); return(1); } @@ -9878,8 +9879,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, if(strlen(word) < 5) continue; - if(ndpi_verbose_dga_detection) - printf("-> word(%s) [%s][len: %u]\n", word, name, (unsigned int)strlen(word)); + NDPI_LOG_DBG2(ndpi_str, "[DGA] word(%s) [%s][len: %u]\n", word, name, (unsigned int)strlen(word)); trigram_char_skip = 0; @@ -9917,12 +9917,10 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, num_bigram_checks++; - if(ndpi_verbose_dga_detection) - printf("-> Checking %c%c\n", word[i], word[i+1]); + NDPI_LOG_DBG2(ndpi_str, "[DGA] checking %c%c\n", word[i], word[i+1]); if(ndpi_match_impossible_bigram(&word[i])) { - if(ndpi_verbose_dga_detection) - printf("IMPOSSIBLE %s\n", &word[i]); + NDPI_LOG_DBG2(ndpi_str, "[DGA] IMPOSSIBLE %s\n", &word[i]); num_impossible++; } else { 
@@ -9935,8 +9933,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, } if((num_trigram_dots < 2) && (word[i+2] != '\0')) { - if(ndpi_verbose_dga_detection) - printf("***> %s [trigram_char_skip: %u]\n", &word[i], trigram_char_skip); + NDPI_LOG_DBG2(ndpi_str, "[DGA] %s [trigram_char_skip: %u]\n", &word[i], trigram_char_skip); if(ndpi_is_trigram_char(word[i]) && ndpi_is_trigram_char(word[i+1]) && ndpi_is_trigram_char(word[i+2])) { if(trigram_char_skip) { @@ -9946,8 +9943,8 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, if(ndpi_match_trigram(&word[i])) num_trigram_found++, trigram_char_skip = 2 /* 1 char overlap */; - else if(ndpi_verbose_dga_detection) - printf("[NDPI] NO Trigram %c%c%c\n", word[i], word[i+1], word[i+2]); + else + NDPI_LOG_DBG2(ndpi_str, "[DGA] NO Trigram %c%c%c\n", word[i], word[i+1], word[i+2]); /* Count vowels */ num_trigram_vowels += ndpi_is_vowel(word[i]) + ndpi_is_vowel(word[i+1]) + ndpi_is_vowel(word[i+2]); @@ -9965,11 +9962,9 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, max_num_consecutive_digits_first_word = num_consecutive_digits; } /* for */ - if(ndpi_verbose_dga_detection) - printf("[NDPI] max_num_consecutive_digits_first_word=%u\n", max_num_consecutive_digits_first_word); + NDPI_LOG_DBG2(ndpi_str, "[DGA] max_num_consecutive_digits_first_word=%u\n", max_num_consecutive_digits_first_word); - if(ndpi_verbose_dga_detection) - printf("[%s][num_found: %u][num_impossible: %u][num_digits: %u][num_bigram_checks: %u][num_vowels: %u/%u][num_trigram_vowels: %u][num_trigram_found: %u/%u][vowels: %u][rc: %u]\n", + NDPI_LOG_DBG2(ndpi_str, "[DGA] [%s][num_found: %u][num_impossible: %u][num_digits: %u][num_bigram_checks: %u][num_vowels: %u/%u][num_trigram_vowels: %u][num_trigram_found: %u/%u][vowels: %u][rc: %u]\n", name, num_found, num_impossible, num_digits, num_bigram_checks, num_vowels, len, num_trigram_vowels, num_trigram_checked, num_trigram_found, num_vowels, rc); 
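Review bot: The `else NDPI_LOG_DBG2(...)` after `ndpi_match_trigram`, and the `if(rc) NDPI_LOG_DBG2(...)` in the last ndpi_main.c hunk, use the macro as an unbraced branch body, and its expansion is not visible in this diff. If it expands to an `if` or to a `{ }` block, a later edit that adds an `else` nearby will bind to the wrong statement or fail to compile. Bracing the bodies avoids that: `else { NDPI_LOG_DBG2(ndpi_str, "[DGA] NO Trigram %c%c%c\n", word[i], word[i+1], word[i+2]); }`. `ndpi_check_dga_name` starts and ends outside these hunks.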
@@ -10000,17 +9995,14 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, /* Skip names whose first word item has at least 3 consecutive digits */ if(max_num_consecutive_digits_first_word > 2) - rc = 0; + rc = 0; - if(ndpi_verbose_dga_detection) { - if(rc) - printf("DGA %s [num_found: %u][num_impossible: %u]\n", - name, num_found, num_impossible); - } + if(rc) + NDPI_LOG_DBG2(ndpi_str, "[DGA] %s [num_found: %u][num_impossible: %u]\n", + name, num_found, num_impossible); } - if(ndpi_verbose_dga_detection) - printf("[DGA] Result: %u\n", rc); + NDPI_LOG_DBG2(ndpi_str, "[DGA] Result: %u\n", rc); if(rc && flow) ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_DGA_DOMAIN, name); diff --git a/src/lib/ndpi_replace_printf.h b/src/lib/ndpi_replace_printf.h new file mode 100644 index 00000000000..73313386c74 --- /dev/null +++ b/src/lib/ndpi_replace_printf.h 
@@ -0,0 +1,56 @@ +/* + * ndpi_replace_printf.h + * + * Copyright (C) 2023 - ntop.org and contributors + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +// This file may be included in every *.c file that uses printf(...) except for ndpi_main.c ! + +#include "ndpi_config.h" + +#ifndef NDPI_CFFI_PREPROCESSING + +#undef printf +#undef fprintf + +#include "ndpi_typedefs.h" + +#ifdef NDPI_ENABLE_DEBUG_MESSAGES + +#define printf(...) ndpi_debug_printf(0, NULL, NDPI_LOG_DEBUG_EXTRA, __FILE__, __func__, __LINE__, __VA_ARGS__) + +#ifdef NDPI_REPLACE_FPRINTF +#define fprintf(stream, ...) ndpi_debug_printf(0, NULL, NDPI_LOG_ERROR, __FILE__, __func__, __LINE__, __VA_ARGS__) +#endif + +#else + +#define printf(...) do {} while(0); + +#ifdef NDPI_REPLACE_FPRINTF +#define fprintf(stream, ...) do {} while(0); +#endif + +#endif + +void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *ndpi_str, ndpi_log_level_t log_level, + const char *file_name, const char *func_name, int line_number, const char *format, ...); + +#endif diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 3bf8190254c..25d7e2cc648 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c 
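Review bot: Both no-op definitions end in a semicolon (`#define printf(...) do {} while(0);`), so `if(x) printf("..."); else ...` in any including file expands to two statements and the `else` no longer compiles; drop the trailing `;` from the `printf` and `fprintf` fallbacks. The header also has no include guard, and it declares `ndpi_debug_printf` with `int line_number` while the callback in tests/dga/dga_evaluate.c takes `unsigned line`, so the prototype should be checked against the definition in ndpi_main.c. With `NDPI_REPLACE_FPRINTF` the `stream` argument is discarded, which means an `fprintf` to a real file would be silently redirected or dropped; a comment stating that the macro is only meant for stderr-style diagnostics would help.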
@@ -54,6 +54,8 @@ #include "third_party/include/uthash.h" #include "third_party/include/rce_injection.h" +#include "ndpi_replace_printf.h" + #define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol" // #define MATCH_DEBUG 1 diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 27140905727..2828202dd43 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -62,7 +62,7 @@ static void ndpi_set_binary_application_transfer(struct ndpi_detection_module_st /* Check known exceptions */ - if(ndpi_ends_with((char*)flow->host_server_name, ".windowsupdate.com")) + if(ndpi_ends_with(ndpi_struct, (char*)flow->host_server_name, ".windowsupdate.com")) ; else ndpi_set_risk(ndpi_struct, flow, NDPI_BINARY_APPLICATION_TRANSFER, msg); diff --git a/src/lib/third_party/include/roaring.h b/src/lib/third_party/include/roaring.h index 117f861b48a..500ba9cb944 100644 --- a/src/lib/third_party/include/roaring.h +++ b/src/lib/third_party/include/roaring.h @@ -259,10 +259,13 @@ static inline void roaring_bitmap_set_copy_on_write(roaring_bitmap_t* r, roaring_bitmap_t *roaring_bitmap_add_offset(const roaring_bitmap_t *bm, int64_t offset); + +#ifdef NDPI_ENABLE_DEBUG_MESSAGES /** * Describe the inner structure of the bitmap. */ void roaring_bitmap_printf_describe(const roaring_bitmap_t *r); +#endif /** * Creates a new bitmap from a list of uint32_t integers @@ -286,10 +289,12 @@ roaring_bitmap_t *roaring_bitmap_copy(const roaring_bitmap_t *r); bool roaring_bitmap_overwrite(roaring_bitmap_t *dest, const roaring_bitmap_t *src); +#ifdef NDPI_ENABLE_DEBUG_MESSAGES /** * Print the content of the bitmap. */ void roaring_bitmap_printf(const roaring_bitmap_t *r); +#endif /** * Computes the intersection between two bitmaps and returns new bitmap. The diff --git a/src/lib/third_party/src/ahocorasick.c b/src/lib/third_party/src/ahocorasick.c index cade82bab42..12bc422ac88 100644 --- a/src/lib/third_party/src/ahocorasick.c +++ b/src/lib/third_party/src/ahocorasick.c 
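Review bot: In src/lib/protocols/http.c the exemption is written as `if(ndpi_ends_with(...)) ; else ndpi_set_risk(...)`, where the lone `;` is easy to misread. `if(!ndpi_ends_with(ndpi_struct, (char*)flow->host_server_name, ".windowsupdate.com"))` followed by the `ndpi_set_risk` call says the same thing directly. The exemption depends on a hostname that is presumably taken from the flow itself, so a comment noting that it is not an authenticated property of the server would help whoever tunes this risk. The enclosing function starts and ends outside the hunk.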
@@ -43,6 +43,8 @@ typedef __kernel_size_t size_t; #include "ndpi_api.h" #include "ahocorasick.h" +#include "../../ndpi_replace_printf.h" + /* TODO: For different depth of node, number of outgoing edges differs considerably, It is efficient to use different chunk size for different depths */ @@ -482,6 +484,7 @@ int ac_automata_search (AC_AUTOMATA_t * thiz, if(match->match_map) { match->match_counter++; /* we have a matching */ #ifndef __KERNEL__ +#ifdef NDPI_ENABLE_DEBUG_MESSAGES if(debug) { int i; AC_PATTERN_t *patterns = curr->matched_patterns->patterns; @@ -494,6 +497,7 @@ int ac_automata_search (AC_AUTOMATA_t * thiz, patterns[i].rep.number); } } +#endif #endif if(thiz->match_handler) { /* We check 'next' to find out if we came here after a alphabet @@ -521,6 +525,7 @@ int ac_automata_search (AC_AUTOMATA_t * thiz, if(txt->match.matched[i]) { *param = (txt->match.matched[i])->rep; #ifndef __KERNEL__ +#ifdef NDPI_ENABLE_DEBUG_MESSAGES if(debug) { AC_PATTERN_t *pattern = txt->match.matched[i]; printf("best match: %c%.*s%c [%u]\n", @@ -529,6 +534,7 @@ int ac_automata_search (AC_AUTOMATA_t * thiz, pattern->rep.at_end ? '$':' ', pattern->rep.number); } +#endif #endif thiz->stats.n_found++; return 1; diff --git a/src/lib/third_party/src/roaring.c b/src/lib/third_party/src/roaring.c index f8ee417dab7..fd382ed0099 100644 --- a/src/lib/third_party/src/roaring.c +++ b/src/lib/third_party/src/roaring.c @@ -1912,6 +1912,7 @@ int array_container_to_uint32_array(void *vout, const array_container_t *cont, /* Compute the number of runs */ int32_t array_container_number_of_runs(const array_container_t *ac); +#ifdef NDPI_ENABLE_DEBUG_MESSAGES /* * Print this container using printf (useful for debugging). */ @@ -1923,6 +1924,7 @@ void array_container_printf(const array_container_t *v); */ void array_container_printf_as_uint32_array(const array_container_t *v, uint32_t base); +#endif /** * Return the serialized size in bytes of a container having cardinality "card". 
@@ -2631,6 +2633,7 @@ int bitset_container_to_uint32_array(uint32_t *out, const bitset_container_t *bc, uint32_t base); +#ifdef NDPI_ENABLE_DEBUG_MESSAGES /* * Print this container using printf (useful for debugging). */ @@ -2642,6 +2645,7 @@ void bitset_container_printf(const bitset_container_t *v); */ void bitset_container_printf_as_uint32_array(const bitset_container_t *v, uint32_t base); +#endif /** * Return the serialized size in bytes of a container. @@ -3154,6 +3158,7 @@ void run_container_xor(const run_container_t *src_1, int run_container_to_uint32_array(void *vout, const run_container_t *cont, uint32_t base); +#ifdef NDPI_ENABLE_DEBUG_MESSAGES /* * Print this container using printf (useful for debugging). */ @@ -3165,6 +3170,7 @@ void run_container_printf(const run_container_t *v); */ void run_container_printf_as_uint32_array(const run_container_t *v, uint32_t base); +#endif /** * Return the serialized size in bytes of a container having "num_runs" runs. @@ -4290,6 +4296,12 @@ int run_run_container_ixor( #include #include +#ifndef WIN32 +#include "ndpi_config.h" + +#define NDPI_REPLACE_FPRINTF +#include "../../ndpi_replace_printf.h" +#endif #ifdef __cplusplus extern "C" { namespace roaring { namespace internal { @@ -4696,6 +4708,7 @@ static inline int32_t container_size_in_bytes( return 0; // unreached } +#ifdef NDPI_ENABLE_DEBUG_MESSAGES /** * print the container (useful for debugging), requires a typecode */ @@ -4707,6 +4720,7 @@ void container_printf(const container_t *container, uint8_t typecode); */ void container_printf_as_uint32_array(const container_t *container, uint8_t typecode, uint32_t base); +#endif /** * Checks whether a container is not empty, requires a typecode @@ -10423,6 +10437,7 @@ int array_container_to_uint32_array(void *vout, const array_container_t *cont, return outpos; } +#ifdef NDPI_ENABLE_DEBUG_MESSAGES void array_container_printf(const array_container_t *v) { int i; if (v->cardinality == 0) { 
@@ -10449,6 +10464,7 @@ void array_container_printf_as_uint32_array(const array_container_t *v, printf(",%u", v->array[i] + base); } } +#endif /* Compute the number of runs */ int32_t array_container_number_of_runs(const array_container_t *ac) { @@ -11243,6 +11259,7 @@ int bitset_container_to_uint32_array( #endif } +#ifdef NDPI_ENABLE_DEBUG_MESSAGES /* * Print this container using printf (useful for debugging). */ @@ -11292,6 +11309,7 @@ void bitset_container_printf_as_uint32_array(const bitset_container_t * v, uint3 base += 64; } } +#endif // TODO: use the fast lower bound, also @@ -11561,6 +11579,11 @@ void container_free(container_t *c, uint8_t type) { } } +#ifdef NDPI_ENABLE_DEBUG_MESSAGES +void run_container_printf(const run_container_t *cont); +void run_container_printf_as_uint32_array(const run_container_t *cont, + uint32_t base); + void container_printf(const container_t *c, uint8_t type) { c = container_unwrap_shared(c, &type); switch (type) { @@ -11600,6 +11623,7 @@ void container_printf_as_uint32_array( __builtin_unreachable(); } } +#endif extern inline bool container_nonzero_cardinality( const container_t *c, uint8_t typecode); @@ -14901,6 +14925,7 @@ int run_container_to_uint32_array(void *vout, const run_container_t *cont, return outpos; } +#ifdef NDPI_ENABLE_DEBUG_MESSAGES /* * Print this container using printf (useful for debugging). */ @@ -14931,6 +14956,7 @@ void run_container_printf_as_uint32_array(const run_container_t *cont, uint32_t j;for ( j = 0; j <= le; ++j) printf(",%u", run_start + j); } } +#endif int32_t run_container_write(const run_container_t *container, char *buf) { uint16_t cast_16 = container->n_runs; 
@@ -15561,6 +15587,7 @@ void roaring_bitmap_remove_range_closed(roaring_bitmap_t *r, uint32_t min, uint3 extern inline void roaring_bitmap_add_range(roaring_bitmap_t *r, uint64_t min, uint64_t max); extern inline void roaring_bitmap_remove_range(roaring_bitmap_t *r, uint64_t min, uint64_t max); +#ifdef NDPI_ENABLE_DEBUG_MESSAGES void roaring_bitmap_printf(const roaring_bitmap_t *r) { const roaring_array_t *ra = &r->high_low_container; @@ -15596,6 +15623,7 @@ void roaring_bitmap_printf_describe(const roaring_bitmap_t *r) { } printf("}"); } +#endif typedef struct min_max_sum_s { uint32_t min; diff --git a/tests/dga/dga_evaluate.c b/tests/dga/dga_evaluate.c index 98cc6a2b1e9..6f4d187f843 100644 --- a/tests/dga/dga_evaluate.c +++ b/tests/dga/dga_evaluate.c @@ -36,10 +36,32 @@ void help() { exit(0); } - /* *********************************************** */ -extern int ndpi_verbose_dga_detection; +static int verbose_dga_detection = 0; + +static void ndpi_dbg_fn(u_int32_t protocol, + struct ndpi_detection_module_struct *module_struct, + ndpi_log_level_t log_level, const char *file, + const char *func, unsigned line, + const char *format, ...) +{ + assert(protocol == NDPI_PROTOCOL_UNKNOWN); + assert(module_struct != NULL); + assert(log_level == NDPI_LOG_DEBUG_EXTRA); + + (void)file; + (void)func; + (void)line; + + if (verbose_dga_detection) { + va_list vl; + + va_start(vl, format); + vprintf(format, vl); + va_end(vl); + } +} int main(int argc, char **argv) { FILE *fd; @@ -59,7 +81,7 @@ int main(int argc, char **argv) { verbose = 1; if(argv[3] != NULL) - ndpi_verbose_dga_detection = 1; + verbose_dga_detection = 1; } if (ndpi_get_api_version() != NDPI_API_VERSION) { 
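Review bot: `ndpi_dbg_fn` in tests/dga/dga_evaluate.c asserts `log_level == NDPI_LOG_DEBUG_EXTRA` and `protocol == NDPI_PROTOCOL_UNKNOWN`, but `main` raises the log level to `NDPI_LOG_DEBUG_EXTRA`, which presumably also lets lower-severity messages through the same callback. Any error or trace message from the library would then abort the evaluator instead of being ignored. Filtering is more robust than asserting: `if(log_level != NDPI_LOG_DEBUG_EXTRA || !verbose_dga_detection) return;`. The callback also needs `<stdarg.h>` for `va_list`; whether it is already included is not visible in the hunk.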
@@ -73,6 +95,8 @@ int main(int argc, char **argv) { assert(ndpi_str != NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); + ndpi_set_log_level(ndpi_str, NDPI_LOG_DEBUG_EXTRA); + set_ndpi_debug_function(ndpi_str, ndpi_dbg_fn); ndpi_finalize_initialization(ndpi_str); assert(ndpi_str != NULL); diff --git a/utils/check_symbols.sh b/utils/check_symbols.sh index 5ab064c184d..1f45718f1fb 100755 --- a/utils/check_symbols.sh +++ b/utils/check_symbols.sh @@ -19,11 +19,21 @@ for line in `nm -P -u "${NDPI_LIB}"`; do fi #printf '%s\n' "${line}" - FOUND_SYMBOL="$(printf '%s' "${line}" | grep '^\(malloc\|calloc\|realloc\|free\)$' || true)" + FOUND_SYMBOL="$(printf '%s' "${line}" | grep '^\(malloc\|calloc\|realloc\|free\|printf\|fprintf\)$' || true)" if [ ! -z "${FOUND_SYMBOL}" ]; then SKIP=0 case "${CURRENT_OBJECT}" in + '[ndpi_main.o]') + case "${FOUND_SYMBOL}" in + 'printf'|'fprintf') SKIP=1 ;; + esac + ;; + '[ahocorasick.o]'|'[ndpi_serializer.o]') + case "${FOUND_SYMBOL}" in + 'fprintf') SKIP=1 ;; + esac + ;; '[roaring.o]') case "${FOUND_SYMBOL}" in 'malloc'|'calloc'|'realloc'|'free') SKIP=1 ;; diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj index 38e54998054..ba74076cb86 100644 --- a/windows/nDPI.vcxproj +++ b/windows/nDPI.vcxproj @@ -63,7 +63,7 @@ Disabled - $(ProjectDir)src\;$(ProjectDir)..\src\lib\protocols\;$(ProjectDir)..\src\include\;$(ProjectDir)..\;$(ProjectDir)..\src\lib\third_party\include\;%(AdditionalIncludeDirectories) + $(ProjectDir)src\;$(ProjectDir)src\lib\;$(ProjectDir)..\src\lib\protocols\;$(ProjectDir)..\src\include\;$(ProjectDir)..\;$(ProjectDir)..\src\lib\third_party\include\;%(AdditionalIncludeDirectories) NDPI_LIB_COMPILATION;WIN32;_WIN64;_DEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) Default MultiThreadedDebugDLL 
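Review bot: The pattern in utils/check_symbols.sh matches only the exact names `printf` and `fprintf`, but compilers commonly lower constant-format calls to `puts` or `putchar`, and fortified builds emit `__printf_chk` and `__fprintf_chk`, so a stray print in the library can still pass this check. Extending the alternation closes most of that gap: `grep '^\(malloc\|calloc\|realloc\|free\|printf\|fprintf\|puts\|putchar\|__printf_chk\|__fprintf_chk\)$'`. The new `case` arms would then need the matching names for the exempted objects. The loop and the rest of the `case` statement lie outside the hunk.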
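Review bot: The include directory added in windows/nDPI.vcxproj is `$(ProjectDir)src\lib\`, while every other library path on this line goes up one level first (`$(ProjectDir)..\src\lib\protocols\`, `$(ProjectDir)..\src\include\`). As written it resolves under the windows project directory, where a `src\lib` folder probably does not exist. If the goal is to make ndpi_replace_printf.h reachable, the entry should likely be `$(ProjectDir)..\src\lib\`. The same path is added in the next hunk of this file.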
@@ -91,7 +91,7 @@ Disabled - $(ProjectDir)src\;$(ProjectDir)..\src\lib\protocols\;$(ProjectDir)..\src\include\;$(ProjectDir)..\;$(ProjectDir)..\src\lib\third_party\include\;$(ProjectDir)..\windows\WpdPack\Include\;%(AdditionalIncludeDirectories) + $(ProjectDir)src\;$(ProjectDir)src\lib\;$(ProjectDir)..\src\lib\protocols\;$(ProjectDir)..\src\include\;$(ProjectDir)..\;$(ProjectDir)..\src\lib\third_party\include\;$(ProjectDir)..\windows\WpdPack\Include\;%(AdditionalIncludeDirectories) PTW32_STATIC_LIB;STATIC_GETOPT;NDPI_LIB_COMPILATION;HAVE_STRUCT_TIMESPEC;WIN32;_WIN64;_DEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) Default MultiThreadedDebugDLL @@ -352,6 +352,7 @@ +